Add several improvements, and merge PR2, PR6 #9
Open: Eliot-Roxbergh wants to merge 43 commits into haramel:main from Eliot-Roxbergh:master
Update import statement to support most recent ouilookup in pip. This version 0.3.1 was released on May 13, 2023. According to ndejong/ouilookup#3, to avoid import issue.
1. If we support only L2CAP, don't show profiles that don't work 2. Spelling
* Added .gitignore;
* Added environment normalization files;
* Minor bug fix in index input exception handling;
---------
Co-authored-by: Ashwinkumar Pillai <[email protected]>
…(for ouilookup, pybluez, scapy) I hope this doesn't break anything! Seems to work fine.
Do not delete logs and instead limit max log entries to 50 million, i.e. about 1-2GB on disk. Change this limit to run more than 50m fuzzing iterations
Previously, if the one-time check fails, the fuzzer changes target port to 1. This may not be clear to the user, and it's better to allow the user to decide what target to fuzz! imo. Besides, no check was/is done to ensure that the new port 1 communication is successful, which creates confusing patterns, like: "cannot communicate with port 1! Defaulting to port 1".
…vices 'all': Command all did not work as intended, there seems to be persistent state in the fuzzing module. Removing. 'scan-only': Add command to only detect all networks, without fuzzing find_all_services: Add functionality to search by manual connections, in addition to SDP scan, thereby possibly finding unannounced services on target
Since the Python process seems to maintain state, use a separate Bash script to loop over all services detected. Enabling fully automatic fuzz on target
Quick change to try to print port on hard crashes, it may however be misleading for requests not utilizing a port? Additionally, save last 1k logs from adb logcat to separate crash file, on hard crashes
Get current time as soon as possible on hard crash for easier debugging. Remove spaces in ADB filename and add ' so that filename doesn't get wrongly interpreted by OS.
I merged PRs and added several improvements and documentation.
I hope it could be of help to someone.
Changelog
Merge pull requests
Build
New features
This results in the original (.wrt) logfile per target port, as well as a new (.adb.log) file with the logcat dump for each hard crash.
To determine which run (.wrt file) resulted in a specific hard crash (.adb.log), grep for the timestamp in the filename to find the corresponding entry in the .wrt log for the run.
This was done in a Bash script to avoid using state from earlier fuzzing rounds as it otherwise would be run in the same single Python process.
Exceptions and failure behavior
Logging
Other